Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-881-1:74299
HistoryNov 04, 2005 - 11:03 a.m.

[SECURITY] [DSA 881-1] New OpenSSL 0.9.6 packages fix cryptographic weakness

2005-11-0411:03:18
lists.debian.org
15

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.5

Confidence

Low

EPSS

0.011

Percentile

84.4%

JSON

Debian Security Advisory DSA 881-1 [email protected]
http://www.debian.org/security/ Martin Schulze
November 4th, 2005 http://www.debian.org/security/faq

Package : openssl096
Vulnerability : cryptographic weakness
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-2969

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

The following matrix explains which version in which distribution has
this problem corrected.

            oldstable (woody)      stable (sarge)     unstable (sid)

openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3
openssl 094 0.9.4-6.woody.4 n/a n/a
openssl 095 0.9.5a-6.woody.6 n/a n/a
openssl 096 n/a 0.9.6m-1sarge1 n/a
openssl 097 n/a n/a 0.9.7g-5

We recommend that you upgrade your libssl packages.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.dsc
  Size/MD5 checksum:      617 ce5f1e232a472723ca68499327b72dbb
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.diff.gz
  Size/MD5 checksum:    18775 21461483c9dc895530bedc3b973faa07
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
  Size/MD5 checksum:  2184918 1b63bfdca1c37837dddde9f1623498f9

Alpha architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_alpha.deb
  Size/MD5 checksum:  1964914 393db230e3682b76c3c9f36eb42264e6

AMD64 architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_amd64.deb
  Size/MD5 checksum:   577924 c07845bb45e5c3b75456f961e336eb13

ARM architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_arm.deb
  Size/MD5 checksum:   518534 eea289b8dde19ac6c8c6cf7b30ea4eb1

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_i386.deb
  Size/MD5 checksum:  1754964 7b514ad94e57dc9fd6e4842b2946640d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_ia64.deb
  Size/MD5 checksum:   814794 0c604b4b2f703c01173d140b95f61cd6

HP Precision architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_hppa.deb
  Size/MD5 checksum:   587272 01cbb27d7021792fd6570b2f466ce41a

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_m68k.deb
  Size/MD5 checksum:   476638 64e57e89c2efbe43db0ee00ae686413b

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mips.deb
  Size/MD5 checksum:   576718 a05286b7d56e76bb6863987f9428cfa8

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mipsel.deb
  Size/MD5 checksum:   568608 11f1592d26bc34ed8b2ecae3af730e04

PowerPC architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_powerpc.deb
  Size/MD5 checksum:   582352 48a678cc33b6b253be1dff5d8d7d23da

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_s390.deb
  Size/MD5 checksum:   602274 4b926097074513294652c4bef75f1f4f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_sparc.deb
  Size/MD5 checksum:  1458254 29c66b77c695f27f4f38dbdfbd51d320

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3.1armopenssl< 0.9.7e-3sarge1openssl_0.9.7e-3sarge1_arm.deb
Debian3mipselopenssl< 0.9.6c-2.woody.8openssl_0.9.6c-2.woody.8_mipsel.deb
Debian3.1powerpclibssl-dev< 0.9.7e-3sarge1libssl-dev_0.9.7e-3sarge1_powerpc.deb
Debian3.1ia64libssl0.9.7< 0.9.7e-3sarge1libssl0.9.7_0.9.7e-3sarge1_ia64.deb
Debian3.1powerpclibcrypto0.9.7-udeb< 0.9.7e-3sarge1libcrypto0.9.7-udeb_0.9.7e-3sarge1_powerpc.deb
Debian3hppalibssl-dev< 0.9.6c-2.woody.8libssl-dev_0.9.6c-2.woody.8_hppa.deb
Debian3allopenssl094< 0.9.4-6.woody.4openssl094_0.9.4-6.woody.4_all.deb
Debian3.1powerpclibssl0.9.6< 0.9.6m-1sarge1libssl0.9.6_0.9.6m-1sarge1_powerpc.deb
Debian3.1powerpclibssl0.9.7< 0.9.7e-3sarge1libssl0.9.7_0.9.7e-3sarge1_powerpc.deb
Debian3s390libssl0.9.6< 0.9.6c-2.woody.8libssl0.9.6_0.9.6c-2.woody.8_s390.deb
Rows per page:
1-10 of 1101

Related

cve 1
f5 2
nessus 25
debian 7
ubuntucve 1
debiancve 1
openvas 26
freebsd 1
ubuntu 1
jvn 1
altlinux 3
gentoo 1
osv 1
cvelist 1
nvd 1
suse 1
slackware 1
securityvulns 1
freebsd_advisory 1
openssl 1
redhat 4
cisco 1
centos 2
oraclelinux 3
cve
cve
CVE-2005-2969
2005-10-18 21:02:00
f5
f5
SOL5533 - Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969
2007-05-16 00:00:00
K5533 : Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969
2013-03-28 00:00:00
nessus
nessus
Debian DSA-875-1 : openssl094 - cryptographic weakness
2006-10-14 00:00:00
Debian DSA-881-1 : openssl096 - cryptographic weakness
2006-10-14 00:00:00
FreeBSD : openssl -- potential SSL 2.0 rollback (60e26a40-3b25-11da-9484-00123ffe8333)
2006-05-13 00:00:00
debian
debian
[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness
2005-11-04 12:08:28
[SECURITY] [DSA 888-1] New OpenSSL packages fix cryptographic weakness
2005-11-07 19:06:00
[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness
2005-11-04 12:08:28
ubuntucve
ubuntucve
CVE-2005-2969
2005-10-18 00:00:00
debiancve
debiancve
CVE-2005-2969
2005-10-18 21:02:00
openvas
openvas
Debian: Security Advisory (DSA-881-1)
2008-01-17 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl.asc)
2008-09-04 00:00:00
OpenSSL: Man in the Middle Attack (CVE-2005-2969) - Windows
2021-08-13 00:00:00
freebsd
freebsd
openssl -- potential SSL 2.0 rollback
2005-10-11 00:00:00
ubuntu
ubuntu
SSL library vulnerability
2005-10-14 00:00:00
jvn
jvn
JVN#23632449: OpenSSL version rollback vulnerability
2005-10-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt3
2005-10-11 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt3
2005-10-11 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt3
2005-10-11 00:00:00
gentoo
gentoo
OpenSSL: SSL 2.0 protocol rollback
2005-10-12 00:00:00
osv
osv
openssl094 - cryptographic weakness
2005-10-27 00:00:00
cvelist
cvelist
CVE-2005-2969
2005-10-18 04:00:00
nvd
nvd
CVE-2005-2969
2005-10-18 21:02:00
suse
suse
protocol downgrade attack in openssl
2005-10-19 12:57:35
slackware
slackware
OpenSSL
2005-10-13 18:06:49
securityvulns
securityvulns
[Full-disclosure] OpenSSL SSL 2.0 Rollback &#40;CAN-2005-2969&#41;
2005-10-11 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:21.openssl
2005-10-11 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2005-2969
2005-10-11 00:00:00
redhat
redhat
(RHSA-2005:800) openssl security update
2005-10-11 00:00:00
(RHSA-2008:0629) Moderate: Red Hat Network Satellite Server Solaris client security update
2008-08-13 00:00:00
(RHSA-2008:0264) Moderate: Red Hat Network Satellite Server Solaris client security update
2008-05-20 00:00:00
cisco
cisco
OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities
2005-10-12 15:54:57
centos
centos
openssl, openssl095a, openssl096 security update
2005-10-12 00:30:56
openssl, openssl096b security update
2005-10-11 17:08:24
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.5

Confidence

Low

EPSS

0.011

Percentile

84.4%

JSON
Related for DEBIAN:DSA-881-1:74299
cve1f52nessus25debian7ubuntucve1debiancve1openvas26freebsd1ubuntu1jvn1altlinux3gentoo1osv1cvelist1nvd1suse1slackware1securityvulns1freebsd_advisory1openssl1redhat4cisco1centos2oraclelinux3